[Oisf-users] Can I use BPF filter file with suricata?
Victor Julien
victor at inliniac.net
Fri Mar 18 15:36:12 UTC 2011
On 03/18/2011 04:27 PM, carlopmart wrote:
> On 03/18/2011 04:05 PM, Victor Julien wrote:
>> On 03/18/2011 01:38 PM, carlopmart wrote:
>>> Hi all
>>>
>>> Is it possible to use a bpf filter file with suricata? If not, how can
>>> I filter out false positives and known activities??
>>>
>>> Thanks.
>>
>> Yep, suricata -c suricata.yaml -r some.pcap tcp port 80
>>
>> The "tcp port 80" part is the bpf filter.
>>
>> Cheers,
>> Victor
>>
>
> Thanks Julien .. But it is posible to pass bpf options in a file or only
> on command line??
>
>
Oh sorry, missed that part of your question. Afaik currently we only
support the command line. What can we do to improve?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list